QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2020-14370

Back to search

CVE-2020-14370

Published: Sep 23, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

VendorProductVersions

n/a

podman

affected
podman versions before 2.0.5

Weaknesses (CWE)

CWE-212

References

FEDORA-2020-76fcd0ba34
vendor-advisory
FEDORA-2020-7b6058fec9
vendor-advisory
FEDORA-2020-3a4b8fca5e
vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now